[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Selinux, Fail2ban, iptables BUG



FC10/KDE

Has anyone run across this problem while running fail2ban-0.8.3-18.fc10.noarch?

There are two Red Hat bug reports on this same problem and they seem to think it's fixed, but it isn't.
Bug #499674
Bug #491444
Summary:

SELinux is preventing iptables (iptables_t) "read write" fail2ban_t.

Detailed Description:

SELinux denied access requested by iptables. It is not expected that this access
is required by iptables and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:iptables_t:s0
Target Context                system_u:system_r:fail2ban_t:s0
Target Objects                socket [ unix_stream_socket ]
Source                        iptables
Source Path                   /sbin/iptables
Port                          <Unknown>
Host                          biggie
Source RPM Packages           iptables-1.4.1.1-2.fc10
Target RPM Packages           
Policy RPM                    selinux-policy-3.5.13-58.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     biggie
Platform                      Linux biggie 2.6.29.1-42.fc10.x86_64 #1 SMP Wed
                              Apr 22 11:47:13 EDT 2009 x86_64 x86_64
Alert Count                   39
First Seen                    Sat 02 May 2009 09:43:41 PM EDT
Last Seen                     Thu 07 May 2009 01:09:31 AM EDT
Local ID                      765a64aa-c7e2-441f-ac75-afdfb7b642b6
Line Numbers                  

Raw Audit Messages            

node=biggie type=AVC msg=audit(1241672971.407:666): avc:  denied  { read write } for  pid=20191 comm="iptables" path="socket:[10476]" dev=sockfs ino=10476 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket

node=biggie type=AVC msg=audit(1241672971.407:666): avc:  denied  { read write } for  pid=20191 comm="iptables" path="socket:[10496]" dev=sockfs ino=10496 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket

node=biggie type=SYSCALL msg=audit(1241672971.407:666): arch=c000003e syscall=59 success=yes exit=0 a0=9decb0 a1=9df2f0 a2=9ddb80 a3=3d92f6da70 items=0 ppid=1864 pid=20191 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)
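Added example, not part of the original post or of the Fedora policy package. The raw audit records above show what is being denied: the SYSCALL record is a successful execve (syscall=59, success=yes) of /sbin/iptables with ppid=1864, and the two AVC records are iptables_t holding open unix_stream_socket descriptors labelled fail2ban_t. In other words fail2ban spawns iptables and the child inherits fail2ban's own sockets; iptables never uses them. The FAQ link in the setroubleshoot text suggests a local policy module, which is what the script below generates from exactly these AVC lines (embedded here as sample input copied from the post). It emits either the `allow` form that audit2allow would produce or the `dontaudit` form, which silences the leaked-descriptor noise without actually granting iptables read/write on fail2ban's socket. The module name `localfail2ban` and the build step are assumptions for illustration; only the type and class names come from the audit messages.

```shell
#!/bin/sh
# Turn SELinux AVC "denied" records into a local policy module (.te).
# Example code written for this page; not from the original post or from
# selinux-policy. Module name and file paths are hypothetical.

# Sample input: the two AVC records from the post (constructed sample).
AVC_SAMPLE='node=biggie type=AVC msg=audit(1241672971.407:666): avc:  denied  { read write } for  pid=20191 comm="iptables" path="socket:[10476]" dev=sockfs ino=10476 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=biggie type=AVC msg=audit(1241672971.407:666): avc:  denied  { read write } for  pid=20191 comm="iptables" path="socket:[10496]" dev=sockfs ino=10496 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket'

# avc_to_rule KIND LINE
# Print one TE rule (KIND is "allow" or "dontaudit") derived from a single
# AVC denial: source type, target type, object class and permission set.
avc_to_rule() {
    kind=$1
    line=$2
    perms=$(printf '%s\n' "$line" | sed -n 's/.*denied *{ *\([^}]*\)}.*/\1/p' | sed 's/ *$//')
    src=$(printf '%s\n' "$line" | sed -n 's/.*scontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
    tgt=$(printf '%s\n' "$line" | sed -n 's/.*tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
    cls=$(printf '%s\n' "$line" | sed -n 's/.*tclass=\([^ ]*\).*/\1/p')
    [ -n "$perms" ] && [ -n "$src" ] && [ -n "$tgt" ] && [ -n "$cls" ] || return 1
    printf '%s %s %s:%s { %s };\n' "$kind" "$src" "$tgt" "$cls" "$perms"
}

# avc_to_te KIND MODULE
# Read audit records on stdin, keep the AVC denials, deduplicate the rules
# (the post's two records differ only by inode) and print a complete module
# with the require block that checkmodule needs.
avc_to_te() {
    kind=$1
    module=$2
    rules=$(while IFS= read -r l; do
                case $l in *"type=AVC"*"denied"*) avc_to_rule "$kind" "$l" ;; esac
            done | sort -u)
    types=$(printf '%s\n' "$rules" | awk '{ print $2; split($3, a, ":"); print a[1] }' | sort -u)
    classes=$(printf '%s\n' "$rules" | sed 's/^[a-z]* [^ ]* [^:]*:\([^ ]*\) \(.*\)$/    class \1 \2/' | sort -u)
    printf 'module %s 1.0;\n\nrequire {\n' "$module"
    for t in $types; do printf '    type %s;\n' "$t"; done
    printf '%s\n}\n\n%s\n' "$classes" "$rules"
}

# build_module FILE.te
# Compile and load the module with the standard toolchain; refuses to run
# where the tools are absent rather than failing half way through.
build_module() {
    te=$1
    base=${te%.te}
    command -v checkmodule >/dev/null 2>&1 || { echo "checkmodule not installed" >&2; return 1; }
    checkmodule -M -m -o "$base.mod" "$te" &&
    semodule_package -o "$base.pp" -m "$base.mod" &&
    semodule -i "$base.pp"
}

# Stand-alone run: print the dontaudit module for the sample records.
# Redirect to localfail2ban.te and call build_module on it to install.
printf '%s\n' "$AVC_SAMPLE" | avc_to_te dontaudit localfail2ban
```

Run with `dontaudit` for a leaked descriptor like this one, `allow` only when the source domain genuinely needs the access; an allow rule makes the denial disappear, but it also makes iptables_t a legitimate reader and writer of every fail2ban_t stream socket, which is more than the failure above calls for. Check the generated .te by eye before `semodule -i`, and `semodule -r localfail2ban` removes it again once the distribution policy is fixed.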
